Með tilkomu dsniff 2.3 er hægt að nota svokallaða man-in-the-middle árás, ég nenni ekki að þýða þetta á íslensku þannig að svona er þetta:
user Alice wants to talk to server Bob, and Charlie wants to snoop in on her session so he can read her mail. Alice initiates a connection with Bob, Charlie sees this and intercepts it. Charlie talks to Bob and pretends to be Alice; on the other side he talks to Alice and pretends to be Bob. Alice sends her public key out, which Charlie intercepts; Charlie then sends his own public key to Bob. Bob then sends his public key to Alice, which is again intercepted by Charlie; Charlie sends his own public key on to Alice.
Now when Alice signs data using her secret key and then encrypts data to Bob using Bob's public key, she will actually be using Charlie's public key, meaning Charlie can decrypt the data. Charlie will then receive the data, decrypt it using his secret key, strip off Alice's signature, sign the data using his secret key, encrypt the data using Bob's public key, and send it to Bob. Thus Alice thinks she is talking directly to Bob in a secure manner, when in fact Charlie is in the middle intercepting the communications, able to monitor them and also to modify the content. This means that Charlie can not only grab Alice's username and password, but can inject his own commands, while the trail points to Alice. Bob is in the same situation as Alice, blissfully unaware that Charlie is about to format the main hard drive.
Þó að þetta vandamál er til staðar er frekar erfitt að notfæra sér þetta.
Og ég ætla EKKI að birta link á þetta forrit útaf öryggisástæðum :)
Ég myndi nú samnt ekki henda frá mér ssh því það er MIKLU öruggara heldur en telnet og eins og ég sagði er þetta frekar erfitt að exploita.
Addi